huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Log when a request is an OPTIONS request but not a preflight request 

Fixes https://github.com/aspnet/AspNetCore/issues/2375
This commit is contained in:
Pranav K 2018-10-11 12:45:56 -07:00
parent 2690a3f621
commit e6bdf128f2
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
View File

@ -92,9 +92,14 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
var origin = context.Request.Headers[CorsConstants.Origin];
var requestHeaders = context.Request.Headers;
var isPreflightRequest =
string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) &&
requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod);
var isOptionsRequest = string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase);
var isPreflightRequest = isOptionsRequest && requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod);
if (isOptionsRequest && !isPreflightRequest)
{
_logger.IsNotPreflightRequest();
}
var corsResult = new CorsResult
{

11
src/Microsoft.AspNetCore.Cors/Internal/CORSLoggerExtensions.cs
View File

@ -19,6 +19,7 @@ namespace Microsoft.AspNetCore.Cors.Internal
private static readonly Action<ILogger, Exception> _failedToSetCorsHeaders;
private static readonly Action<ILogger, Exception> _noCorsPolicyFound;
private static readonly Action<ILogger, Exception> _insecureConfiguration;
private static readonly Action<ILogger, Exception> _isNotPreflightRequest;
static CORSLoggerExtensions()
{
@ -76,6 +77,11 @@ namespace Microsoft.AspNetCore.Cors.Internal
LogLevel.Warning,
new EventId(11, "CorsInsecureConfiguration"),
"The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.");
_isNotPreflightRequest = LoggerMessage.Define(
LogLevel.Debug,
new EventId(12, "OptionsRequestWithoutAccessControlRequestMethodHeader"),
"This request uses the HTTP OPTIONS method but does not have an Access-Control-Request-Method header. This request will not be treated as a CORS preflight request.");
}
public static void IsPreflightRequest(this ILogger logger)
@ -132,5 +138,10 @@ namespace Microsoft.AspNetCore.Cors.Internal
{
_insecureConfiguration(logger, null);
}
public static void IsNotPreflightRequest(this ILogger logger)
{
_isNotPreflightRequest(logger, null);
}
}
}